Bugs In SCADA Software Leave 7,600 Factories Vulnerable

mspohr (589790) writes with this news from the BBC: "The discovery of bugs in software used to run oil rigs, refineries and power plants has prompted a global push to patch the widely used control system. The bugs were found by security researchers and, if exploited, could give attackers remote access to control systems for the installations. The U.S. Department of Homeland Security said an attacker with 'low skill' would be able to exploit the bugs. About 7,600 plants around the world are using the vulnerable software. 'We went from zero to total compromise,' said Juan Vazquez, a researcher at security firm Rapid7 who, with colleague Julian Diaz, found several holes in Yokogawa's Centum CS 3000 software which was first released to run on Windows 98 to monitor and control machinery in many large industrial installations. The researchers also explored other SCADA software: 'We ended up finding over 1,000 bugs in 100 days.'" The vulnerabilities reported are in Yokogawa's Centum CS 300 industrial control software.

"Windows"

[Anonymous Coward]

Well I stopped reading right there.

Oh! I Say! Shocking !

[golodh]

I mean ... I had always understood that SCADA vulnerabilities were caused by amateurish system design (connecting SCADA systems to the Internet using cheapo consumer-grade routers, without precautions like stealth, VPN's, whitelist callbacks, etc.) and shoddy system management (factory default passwords, obvious passwords, dictionary passwords, no passwords).

And now this! In some cases the actual software seems to have security holes too. Shocking, shocking, shocking!